-rw-r--r-- | jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java | 2 | ||||
-rw-r--r-- | tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java | 22 |
2 files changed, 22 insertions, 2 deletions
diff --git a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
index 629b7f5535..ecd571a02d 100644
--- a/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
+++ b/jetty-security/src/main/java/org/eclipse/jetty/security/MappedLoginService.java
@@ -241,7 +241,7 @@ public abstract class MappedLoginService extends AbstractLifeCycle implements Lo
 if (user==null)
 {
 KnownUser userPrincipal = loadUserInfo(username);
- if (userPrincipal.authenticate(credentials))
+ if (userPrincipal != null && userPrincipal.authenticate(credentials))
 {
 //safe to load the roles
 String[] roles = loadRoleInfo(userPrincipal);
diff --git a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
index 2f6acdd355..4d736812aa 100644
--- a/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
+++ b/tests/test-loginservice/src/test/java/org/eclipse/jetty/JdbcLoginServiceTest.java
@@ -160,6 +160,21 @@ public class JdbcLoginServiceTest
 stopClient();
 }
 }
+
+ @Test
+ public void testGetNonExistantUser () throws Exception
+ {
+ try
+ {
+ startClient("foo", "bar");
+ ContentResponse response = _client.GET(_baseUri.resolve("input.txt"));
+ assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus());
+ }
+ finally
+ {
+ stopClient();
+ }
+ }
 //Head requests to jetty-client are not working: see https://bugs.eclipse.org/bugs/show_bug.cgi?id=394552
 @Ignore
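Review bot: With the added `userPrincipal != null &&` guard in `MappedLoginService`, an unknown username returns without ever calling `authenticate(credentials)`, while a known username with a wrong password still runs the credential comparison, so the two failure paths may be distinguishable by response time. The guard is right for the null dereference, but nothing in the hunk records that `loadUserInfo` can return null; I would add a comment above the `if` such as `// loadUserInfo returns null for an unknown user: fail the login exactly as for a bad credential`. Whether the timing difference matters depends on how costly the credential check is and on what the code after this `if` returns, and both are outside the hunk. The enclosing method starts and ends outside the hunk.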
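Review bot: `testGetNonExistantUser` in `JdbcLoginServiceTest` covers only the unknown-user case, so it does not pin that an existing user with a wrong password gets the same `SC_UNAUTHORIZED` answer, and a client should not be able to tell the two failures apart. A sibling test that calls `startClient("jetty", "wrong-password");` and repeats `assertEquals(HttpServletResponse.SC_UNAUTHORIZED,response.getStatus());` would cover it; "jetty" is the user the default `startClient()` logs in with, presumably a valid account, and "wrong-password" is a constructed sample value. The method name is also misspelled; `testGetNonExistentUser` is the usual spelling.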
@@ -204,12 +219,17 @@ public class JdbcLoginServiceTest
 protected void startClient() throws Exception
 {
+ startClient("jetty", "jetty");
+ }
+
+ protected void startClient(String user, String pwd) throws Exception
+ {
 _client = new HttpClient();
 QueuedThreadPool executor = new QueuedThreadPool();
 executor.setName(executor.getName() + "-client");
 _client.setExecutor(executor);
 AuthenticationStore authStore = _client.getAuthenticationStore();
- authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, "jetty", "jetty"));
+ authStore.addAuthentication(new BasicAuthentication(_baseUri, __realm, user, pwd));
 _client.start();
 } |